Restricted register endpoint to LocalHost only

PaulStudios · Jul 28, 2024 · 74d8577 · 74d8577
1 parent ee3e2c7
commit 74d8577
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/commit_history.txt b/commit_history.txt
diff --git a/server/routers/auth.py b/server/routers/auth.py
@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, status, Request
 from pydantic import UUID4
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.future import select
@@ -16,9 +16,18 @@
 
 @router.post("/register", response_model=auth.schemas.User)
 async def register_user(
+        request: Request,
         user: auth.schemas.UserCreate,
         db: AsyncSession = Depends(database.get_db)
 ):
+    # Check if the request is coming from localhost
+    client_host = request.client.host
+    if client_host not in ['127.0.0.1', 'localhost', '::1']:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Access Restricted"
+        )
+
     # Check if the user already exists
     result = await db.execute(select(auth.models.User).filter_by(username=user.username))
     existing_user = result.scalars().first()